User Manual

Container-Based Devices

Container-based virtual devices are light-weight virtual machines that translate kernel calls to kernel calls of the host kernel. Container-based virtualization technologies offer complete usermode access to the virtual machines and a limited kernel-mode access. The kernel mode access allows to:

  • Manage networking hardware
  • Use raw sockets


  • Only Linux
  • No kernel modules
  • No kernel changes
  • No NFS mounting
  • No graphical hardware, and thus no desktop environment possible


The console access is realized as a shell inside the virtual machine. The access is comparable to an ssh session, which runs an extra screen. Multiple concurrent windows will show the same console but when all windows showing the console are closed, the console will not be terminated. This has several implications:

  • The console does not require any login. This does not mean that the system is insecure, the ssh server will prompt for a login as normal.
  • The console is text-based, so no graphical programs can be executed.
  • The meaning of pressed keys depends on the keyboard layout of the real keyboard of the user.
  • The console history is preserved.


The root file-system is stored in a folder on the host machine. The file-system can be download and uploaded as a tar archive compressed with gzip (.tgz or .tar.gz). When extracting or creating such an image, keep in mind that file ownership can only be set properly if the user has root permissions and all the users and groups in the image exist. When this is not done properly the resulting compressed archive will not be bootable.

To learn more about the creation of images, consult the advanced user’s manual.

Executable Archives

Executable archives can be uploaded and downloaded when the device is prepared or started. Automatic execution is possible only when nlXTP guest modules are installed on the image.

The archive directory is part of the device’s image. It can be found at /mnt/nlXTP


ToMaTo supports the following technologies for container-based virtualization:

  • LXC (preferred)
  • OpenVZ

Configuration Window


The on-screen name of the device. This setting will not affect your experiment.


Site that this element will be deployed to.

Performance Profile

Device profile that will be applied to this element.


Template that will be used when preparing this element. When your device is prepared, you can still exchange the template.

Changing the template of a prepared device will delete all existing data on the device’s current disk image.

Segment separation

As long as the Colorify segments option in the topology editor is activated, ToMaTo highlights separated networks as different segments. Elements can be defined as connecting elements to combine different network segments. This does not have any direct effect on the network infrastructure and is ONLY for usability purposes. It allows to mark devices which interconnect networks to increase the overview of the topology.

Custom Icon

Select a URL to a custom icon for this device to be shown in the editor. The icon should be a 32x32 PNG image.

ToMaTo offers a set of pre-defined custom icons under Custom Element Icons in the main menu’s Resources menu. → go now


The device’s hostname (as in /etc/hostname)

IPv6 gateway and IPv4 gateway

IP gateway configuration for your device

Root password

The device’s root password.

Interfaces’ Configuration Window


The interface’s device name on its host (e.g., “eth0”)

IPv4 address

The interface’s IPv4 address and subnet (e.g., “”)


Use DHCP instead of the configured address

IPv6 address

The interface’s IPv6 address